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© Implementing privilege on microprocessor systems for use in software asset protection. 



© A duai privilege level coprocessor (20) especially 
suited for use in a software asset protection system 
comrises a supervisor processing element (201 ). and 
an application processing element (240) coupled by 
a bus (250). A high privilege read only memory 
(24-1) and a secure random access memory (240) 
are enabled oniy in response to dedicated control 
signals from the supervisor processor (210). While 
an application processor (247) has many general 
purpose computing capabilities, it is incapable of 
executing input or output operations. An input/output 
device (247) is also coupled to the bus and con- 
trolled by the supervisor processor. A secure ran- 
dom access memory (246) is provided for storage of 
sensitive information such as decryption keys. The 
C\|coprocessor implements a low privilege level of op- 
^eration for the purpose of executing protected soft- 
ggware which is first decrypted under the control of the 
€■> supervisor processor and then stored in the applica- 
tion processor random access memory* (243). The 
©^coprocessor is also capable of high privilege opera- 
Cgtion either by the supervisor processor alone or with 
^•the supervisor processor controlling the application 
©processor and its associated high privilege read oniy 
memory (241). 
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IMPLEMENTING PRIVILEGE ON MICROPROCESSOR SYSTEMS FOR USE IN SOFTWARE ASSET PROTEC- 



TION 



Technical Reld 

The invention is in the field of data processing, 
and particularly with respect to a software copy 5 
protection mechanism. That mechanism requires a 
two privilege state processor, and the present in- 
vention provides a dual privilege* processor which 
can be implemented using currently available low 
cost processors which inherently do not provide io 
the desired multi-level privilege structure. 

> 

Background 

15 

Copending application [YO985-091 ], the disclo- 
sure of which is incorporated by this reference, 
describes a software copy protection mechanism 
which is unique in that it segregates the right to 
execute a particular piece of application software 20 
from, a copy of the software itself. The software is 
protected to the extent that it is distributed in 
encrypted form. The protected software is execut- 
able on a composite computing system including a 
conventional host (which may be a mainframe 25 
computer although typically; it„ would be. represent- . . - 
ed by a PC) in combination with a physically and 
logicaliy secure coprocessor. The logically and 
physically secure coprocessor basically performs 
two essential functions- The coprocessor stores a ~ 30 
software decryption key (AK) for a protected ap- 
plication in secure, non-volatile storage; the soft- 
ware decryption key (AK) when installed in a 
coprocessor represents the user's right to execute 
the protected application. The coprocessor also 35 
effects the decryption and execution of the pro- 
tected application, and thus while it provides to the 
host: the results of execution of the protected ap- 
plication, the protected application itself is main- 
tained secure. 40 

Typically, the protected application will be re- 
presented on a distribution media in at least two 
files, a first file of plain text software, which (to the 
extent it is present) is executed on the host, and a 
second file of encrypted software which will be 45 
executed on the coprocessor. The coprocessor, 
since it has access to the software decryption key, 
can read the software portion provided in encryp- 
ted form, and decrypt it so that its random access 
memory stores the protected software in plain text so 
form. The physical and logical security provided by 
the coprocessor prevents the user (or a pirate) 
from obtaining access to clear text of the protected 
application. The coprocessor executes the protect- 



ed application, passing only results onto the host. 
In this fashion, the entire application is executed 
but the user never has access to the protected 
application in plain text or executable form. 

The present invention is directed at a simple, 
low cost implementation of the coprocessor, with 
respect to its logical security. 

Processors exhibiting multiple privilege levels 
have been known in the prior art. With .the introduc- 
tion of multi-processing, the mainframe computer 
field found a need for implementing privilege struc- 
ture at least to ensure that user #Vs program 
and/or data did not" interfere with or be interfered 
by user #2's program or data. In many cases the 
privilege structure was implemented in software, in 
the past in the mainframe computing field, the 
software privilege structure was feasible because 
the system programmers and system operators 
were part and parcel of the security system and 
they would ensure that application programs com- 
plied with the necessary privilege structure. 

There are processors which provide multi-level 
privilege structures, but those are too costly for use 
in such low cost applications as the present inven- 
tion is directed at. The function- of the privilege 
structure, in prior art systems has been, the separa-- 
tion of execution spaces of multiple users to insure 
meaningful, orderly, non-destructive use and al- 
location of system processing resources but not for 
copy protection of software. These do not always 
exhibit open architecture. 

For the software asset protection mechanism 
described in application [YO985-091] to be widely 
applied, the architecture of the coprocessor must 
be open to allow widespread use; this necessarily 
requires that the coprocessor and its instruction set 
will be widely known. Without some form of privi- 
lege structure, an application program could be 
written which would access information violating 
the security requirements, such as decryption 
keys, or the plain text version of protected soft- 
ware. 

More particularly, as described in application 
[YO985-091], the coprocessor must provide func- 
tions and data which are not available to the user. 
These include data encryption and decryption, the 
right to execute a specific application, and encryp- 
tion keys. The coprocessor, in addition to imple- 
menting security, must also be capable of general 
purpose computing tasks since the protected por- 
tion of any application is intended to be executed 
on the coprocessor. 

Accordingly, it is an object of the invention to 
provide, in accordance with a software asset pro- 



tection mechanism, logical security for a coproces- 
sor, which coprocessor is capable of general com- 
puting tasks. It is another object of the invention to 
provide logical security for such a coprocessor 
notwithstanding the fact that the internal architec- 
ture and instruction set for the coprocessor are 
expected to be widely circulated and known. It is 
another object of the present invention to provide a 
coprocessor for such a software asset protection 
mechanism which is capable of storing and using 
rights to execute implemented in the form of soft- 
ware decryption keys, but which prevent the user 
from obtaining access to any software decryption 
key. It is another object of the present invention to 
provide such a secure coprocessor which, in the 
course of executing protected software; will decrypt 
and <store that software in plain text form, but which 
will deny access to the user to plain text of pro- 
tected software. It is another object of the invention 
to provide such a coprocessor notwithstanding the 
fact that the architecture and instruction set of the 
coprocessor are widely known. 

Summary of the invention 

The invention meets these and other objects 
by structuring the coprocessor so that it consists of 
two processing elements; one of those two pro- 
cessing elements, referred to hereinafter as the 
application processor (AP) is actually used to ex- 
ecute the protected application, and a second pro- 
cessor element, hereinafter referred to as the su- 
pervisor processor (SP) is used to control the privi- 
lege state of the coprocessor consisting of both the 
AP and SP. 

The coprocessor includes an i/O service ele- 
ment with an I/O terminal; the I/O service element 
is controlled by -the SP. In accordance with the 
■ invention the SP is responsible for communication 
with the host and performing tasks based on com- 
mands it receives. These tasks include changing- 
the privilege state, data encryption/decryption, and 
transfer of privilege. The instructions the SP is 
capable of responding to are defined and those 
definitions are stored in a secure ROM, such that 
they cannot be modified by external commands. 
To further ensure security of the SP, it fetches 
instructions only from its secure ROM. Data may 
be fetched or stored to its internal register fife or 
external random access memory. On ' the other 
hand, the AP is, for the most part, a general 
purpose processor since it must execute applica- 
tion code, and is capable of fetching instructions 
and/or data in RAM or ROM. The RAM and/or 
ROM used by the AP is logically and/or physically 
separate from that of the SP. While the AP can 
perform many general purpose computing func- 
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tions, it has no I/O capability and thus cannot 
transfer to the host any data or software. When the 
host computer requests execution of a protected 
program, the first function of the SP is to clear the 
5 AP RAM; thereafter the SP reads the encrypted 
application code and employing the appropriate 
software decryption key, stores the decrypted ap- 
plication' code in the AP RAM. The SP then issues 
a start instruction to the AP. Since the AP does not 

10 have access to the SP memory, programs written 
to defeat the security system cannot read or trans- 
fer data such as encryption keys or the right to 
execute applications. The SP is programmed to 
transfer to the host only the results of processing 

75 information from the AP memory. 

Accordingly, the invention provides a logically 
secure processor with an, I/O terminal for input or 
output operations with protection from allowing ac- 
cess to protected data stored in the processor. The 

20 logically secure processor comprises an application 
processor for executing software in accordance 
with a first set of executable operations. 

The apparatus further includes a supervisor 
processor coupled to and controlling the appiica- 

25 tion processor and a system bus coupled to both 
the supervisor and application processor. The ap- 
paratus further includes an I/O terminal coupled to 
and controlled by the supervisor processor. The 
apparatus further includes a secure read only 

30 memory device and a secure read/write memory 
device. These are coupled to the system bus and 
controlled by the supervisor processor. The secure 
read only memory has contents defining a second 
set of operations executable by the application 

35 processor only when the secure memory devices 
are enabled by the supervisor processor. Thus, the 
application processor, in responding to external 
commands via the system bus, is prohibited from 
performing operations requiring access to the se- 

40 cure read only memory device or secure read/write 
memory device, absent enablement of the secure 
memory devices by the supervisor processor. 

In the foregoing description the first set of 
executable operations (those performable by the 

45 application processor) are typical of general data 
processing techniques except that the first set of 
executable operations does not include input or 
output operations. 

In general, the logically secure processor op- 

so erates in one of two privilege states, a high privi- 
lege state or a low privilege state. In the low 
privilege state, essentially the only function being 
performed is executing protected software by the 
application processor. While the protected software 

55 is stored in random access memory available to 
the application processor (as it must be for the 
application processor to-execute it), the inability of 
the application processor to output any information 
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ensures that the protected application is secure 
from access by the user, or anyone else, via the 
application processor. Since the application proces- 
sor is controlled by the supervisor processor, the 
application processor is only initiated into operation 5 
by action of the supervisor processor. Furthermore, 
as a protection mechanism, prior to loading a pro- 
tected application in the application processor ran- 
dom access memory, the supervisor processor 
clears that memory. The low privilege state of to 
operation of the secure processor can be consid- 
ered a service to the software vendor, since while it 
provides the user with the right to execute the 
software, it protects that software from unauthoriz- 
ed access (as a service to the software vendor). j 75 

The logically secure processor also operates in 
a high privilege state, the high privilege state can 1 
be considered a service to the hardware vendor in 
that it guarantees the security offered, from the 
hardware vendor to the collection of software ven- 20 
dors. |n the high privilege state, the logically secure 
processor is capable of manipulating rights to ex- 
ecute, i.e. acquiring rights and transferring rights, 
which necessarily requires manipulation of decryp- 
tion keys stored in a secure random access mem- 25 
ary. While the secure random access memory 
which provides for storage of decryption keys 
could be arranged to be solely accessible by the 
supervisor processor, such architecture would re- 
quire that the supervisor processor per se be_ca- 30. 

pable of itself performing alt those functions neces- 
sary to decryption key management. As described 
in this application, however, such architecture could 
be considered inefficient since the application pro- 
cessor is already available and, as already in- 35 
dicated. has genera* computing capabilities. Ac- 
cordingly, the- secure random access memory is 
arranged so as to be accessible to the application 
processor, along with a secure read only memory. 
While both such memories are accessible to the 40 
application processor, access to those memory de- 
vices is controlled by the supervisor processor. 
More particularly, both the secure random access 
memory and the secure read only memory re- 
spond to enable signals from the supervisor pro- 4S 
cessor, and only in the presence of an appropriate 
enabling signal from the supervisor processor, can 
the application processor access these memory 
devices. The secure- read only memory device in 
effect defines a second set of executable oper- so 
ations performable by the application - processor; 
the second set of executable operations includes 
those operations whose execution is required from 
the coprocessor in the high privilege state. The 
high privilege state is characterized by those oper- 55 
ations which require decryption key management, 
transfer or manipulation. Security for this sensitive 
data is assured by the requirement for the pres- 
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ence of an enabling signal generated by the su- 
pervisor processor before such data is accessible. 

Finally, the supervisor processor, which con- 
trols all of the foregoing functions, has access to 
dedicated random access and read only memory 
devices, i.e. devices not accessible by the applica- 
tion processor. 

Thus, the dedicated read only memory defines 
a third set of executable operations performable by 
the supervisor processor including changing privi- 
lege levels, I/O operation and at least supervisor of 
key management. 



Brief Description of the Drawings 

The present invention will now be described in 
such further detail so as to enable those skilled in 
the art to practice the same, in the following por- 
tions of this specification when taken in conjunction 
with the attached drawings in which like reference 
characters identify identical apparatus and in 
which: 

Fig.. 1 is a block diagram showing a typical 
application of the logically secure processor of this 
invention; 

Fig. 2 is a detail block diagram of one em- 
bodiment of a logically secure processor in accor- 
dance with this invention; and 
_ . Figs._3 and. 4_are .respectively. copies of Figs. - 
8 and 9B from copending application [YO985-091] 
describing functions required of the coprocessor. 

Detailed Description of Preferred Embodiments 

Fig. 1 shows a combined processing system 
suitable for implementing the software asset pro- 
tection mechanism of copending application 
[YO985-091]. In particular, the combined process- 
ing system includes a host system 10 which may 
be a mainframe computer, although in the typical 
application it will be a PC such as the IBM PC. A 
secure coprocessor 20 is capable of communicat- 
ing, bidirectionally, with the host system 10 via a 
communication link 14. The secure coprocessor 20 
in accordance with the invention is physically se- 
cure; that security is denoted by the dashed rec- 
tangle interior of the borders in the coprocessor 20. 
Such physical security can be provided in accor- 
dance with the techniques described in applications 
[Y0985-41 and YO986-078], the disclosures of 
which are incorporated herein by this reference, or 
other techniques. The host system 10 has an I/O 
path 12. Other peripheral components which may 
be associated with the host system 10 and/or the 
secure coprocessor 20 are not specifically called 
out in Fig. 1; reference is made to copending 
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application [YO985-091] for a more 'detailed' illustra- 
tion of such peripheral equipment. 

The protected software 15 is made available to 
the host system 1 0; because of the characteristics 
of the protected software 1 5. the user of the host 
system 10 does not have access to that application 
in plain text form. Allowing the user access to the 
application in plain text form would enable him to 
duplicate usable copies of the software. Rather, the 
protected software includes at least an encrypted 
portion; and it is the encrypted portion which is 
subject to the protection of the software asset 
protection mechanism described in copending ap- 
plication [YO985-091]. In accordance with this soft- 
ware asset protection mechanism, the secure 
coprocessor 20 may store a distinct right to ex- 
ecute, represented in the form of a software de- 
cryption key-/ how that distinct right to execute is 
transferred to the secure coprocessor 20 is de- 
scribed in the copending application [YO985-091], 
When the user desires execution of the protected 
application, a utility program running in the host 10 
signals the secure coprocessor 20 that a Load- 
Decrypt-Run (LDR) sequence is to begin. As part 
of that sequence, the encrypted portion of the 
application is transferred to the secure coprocessor 
20 and therein it is decrypted- At various times 
during execution of the application, the secure 
coprocessor 20 may be called on to execute the 
protected portion of the application, passing results 
onto the host system 10. Accordingly, the logical 
characteristics of the secure coprocessor 20 play a 
large role in implementing the software asset pro- 
tection mechanism. In particular, the software de- 
cryption key or keys which may be stored in the 
secure coprocessor 20 should be, and remain, un- 
available to the user (access by the user to any of 
the software decryption keys would allow the user 
to decrypt the corresponding protected application 
portion, which would defeat the software asset pro- 
tection mechanism) and the decrypted form of the 
protected portion of the application, which is stored 
in the read/write memory of the secure coproces- 
sor 20. should also be unavailable to the user; only 
the results of the execution of that software should 
be provided to the user. As has already been 
mentioned, the physical security of the coproces- 
sor 20 is beyond the scope of the present inven- 
tion. The logical security of the. coprocessor 20 is 
the subject of this invention. 

Fig. 2 is a block diagram showing a logically 
secure coprocessor 20 in accordance with the 
present invention. More particularly, the secure 
coprocessor 20; as seen in Ftg. 2, includes a 
supervisor processor element 201 and an. applica- 
tion processor element 240; as shown in Fig. 2 
both elements 201 and 240 are protected by the 
physical security. More particularly, the supervisor 



element 201 includes a processor 210 and pro- 
tected memory 220. Protected memory 220 in- 
cludes both read only memory as well as 
read/write memory. The only access to the pro- 
5 tected memory 220 is from/to the supervisor pro- 
cessor 210. 

The application processor element 240 in- 
cludes a number of components; specifically an 
application processor 242, a high privilege read 
70 only memory 241 , a low privilege read only mem- 
ory 245, a random access AP memory 243, a key 
storage memory 246 and a communications buffer 
244. AH of the foregoing elements communicate 
among each other and with the processor 210 via 

15 an internal bus 250. Two of the foregoing memo- 
ries, specifically the high privilege read only mem- 
ory 241 and the key store 246 have, in addition to 
address input and output terminals, an enable ter- 
minal (EN) which is controlled by the supervisor 

20 processor 210. Only in the presence of a predeter- 
mined enable signal at the EN terminal, will the 
corresponding memory respond to its address in- 
puts with information output. The application pro- 
cessor element 240 also includes an I/O service 

25 element 247. The I/O service element 247 in turn is 
the link to the bidirectional communication link 14 
through which the secure coprocessor 20 commu- 
nicates with the host system 10. Only in the pres- 
ence of a predetermined enable signal from the 

30 SP, at the EN terminal of the I/O service element 
will "the I/O service element respond. 

Of the various tasks executed by the supervi- • 
sor processor 210 and the application processor 
242, the supervisor is responsible for communica- 

35 tion with the host 10 and performing tasks based 
on the commands 'it receives. These tasks include 
changing the . privilege state of the secure 
coprocessor 20 (between distinct high privilege and 
low privilege states), data encryption/decryption 

40 and privilege transfers; for the latter function see in 
particular copending application [YO986-011], the 
disclosure of which is incorporated herein by this 
reference. The particular functions of the supervisor 
processor 210 are defined in the read only memory 

45 portion of the protected memory 220 and hence 
are not modifiable by any external agency or com- 
mand. The supervisor processor 210 fetches 
instructions only from the read only memory por- 
tion of the memory 220; the supervisor processor 

so 210 may fetch data from. or store data to its internal 
register file or an external random access memory 
portion of the protected memory 220. Supervisor 
processor 210 may also store data in any of the 
elements 243, 244, 246 as is permitted by its 

55 instruction set. 

On the other hand, the application processing 
element 240 is a general purpose processor since 
it must execute application code and is capable of 
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fetching instructions and/or data from either 
read/write memory or read only memory. Memory 
employed by the application processor 242 is logi- 
cally and/or physically separate from the protected 
memory 220. 

In general when the host 10 requests execution 
of a protected program, the supervisor processor 
210 responds by first clearing the application pro- 
cessor random access memory 243. The supervi- 
sor processor 210 then fetches (for example from 
the application disk) the encrypted portion of the 
application and, employing the appropriate software 
decryption key, access from the key store 246, the 
encrypted application portion is decrypted and 
stored in the application processor RAM 243. It will 
> be understood that the fetch may be indirect via 

7 host 10 as described In. [YO985-091], The supervi- 

sor processor 2t0 then issues a start instruction to 
the application processor 242, The supervisor pro- 
cessor 210 also supervises the output operation, 
transferring results from the execution by the ap- 
plication processor 242 via the i/O service element 
247 to the host 10. 

During the course of its execution, the applica- 
tion processor 242 of course executes the pro- 
tected application from RAM 243. Because of the 
interconnections of the various elements, there are 
some things the application processor 242 is sim- 
ply incapable of achieving. For example, the ap- 
plication processor 242 cannot transfer any keys 

from the key store 246; since the key store" 246 ~ 

can only be enabled by the supervisor processor 
21 Q. 

The foregoing is an example of the application 
processor 242 working in a low privilege state. In 
that state any request for example by the host 10, 
to read the protected memory 220 of the supervi- 
sor, would not be honored since the supervisor is 
programmed to transfer only information from the 
application processor RAM 243, Other illegal com- 
mands that might be issued by the host 10 would 
require the supervisor 20? to output decryption 
keys; again the supervisor 201 would merely clear 
-the AP RAM 243 and wait for a new command. 

While the supervisor processor 210 may have 
general purpose processing capabilities, those ca- 
pabilities are not essential (though they are pre- 
ferred). The supervisor processor 210 can call on 
the application processor 242 to perform selected 
tasks for it; these tasks can involve high privilege - 
information, such as manipulation of decryption 
keys and the like since the supervisor 201 can 
require the application processing element 240 to 
operate in a high privilege state. In this state, the 
application processing element 240 executes 
instructions contained solely in the high privilege 
ROM 241, and of course the high privilege ROM 
241 would prohibit the application processor 242 
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from outputting high privilege information such'as 
decryption keys to the host 10. Thus, the supervi- 
sor element 201, by controlling the addressability 
of the application processing element 240, allows 

5 the processing power of the application processing 
element 240 to be applied to security or high 
privilege tasks. The application processor 242 and 
supervisor processor 210 can communicate either 
via the bus 250 or through the communication 

70 buffer 244; and it should be understood that the 
communication buffer 244 can correspond to a 
dedicated RAM location. 

As thus far described, the invention has the 
advantage of being simple to construct from cur- 

75 rently available microcircuits, which in themselves 
, J inherently have no privilege structure but yet the 
t coprocessor 20 shown in Fig. 2 does possess a 
dual privilege structure, as described. 

Fig. 3 corresponds to Fig. 8 in copending ap- 

20 plication [YO985-091] and describes the functions 
executed by the coprocessor 20 in order to per- 
form an Acquire-Right-to-Execute function. In order 
to acquire a right to execute, the coprocessor 20 
must have access to at least three files of informa- 

25 tion, the protected application, encrypted under a 
software decryption key AK, the software decryp- 
tion key itself encrypted under the hardware, ven- 
dor's key CSK and a third file which is used to 
authenticate the user's right to execute in connec- 

30 tion with a use once token. As shown in Fig. 3, 
functions C1 and C2~acquire the encrypted~decryp-~ 
tion key and, employing the hardware vendor's key " 
CSK (provided as part of the secure memory of the 
coprocessor), decrypting the software decryption 

35 key AK. Steps C3-C10 authenticate the user's right 
to execute; if that right is considered valid, func- 
tions C13 and C14 are performed and, on the other 
hand, if that right is not considered valid then 
function C11 is performed. Successful conclusion 

40 of the ARE sequence leaves the secure key stor- 
age memory 246 in a different condition than it was 
in prior to operation of the sequence; that dif- 
ference is the presence, in that memory, of the 
software decryption key AK. At least the functions 

45 C2 and C13 require the coprocessor 20 to access 
the secure key storage 246 and, for that reason, 
the ARE sequence is considered a high privilege 
operation. While the supervisor processor 210 
could theoretically perform all these functions whoi- 

50 ly divorced from the application processor 242, it is 
an advantage of the invention that the application 
processor 242 could execute many if not all the 
functions so long as it was properly authorized by 
the supervisor processor 210. That authorization 

55 would include at least enabling the high privilege 
read only memory 241 and the secure key storage 
memory 246. 

Once the coprocessor 20 has acquired the 
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right to execute (stored the application decryption 
key AK in its secure key storage memory 246), 
when a user requests execution of the protected 
application the sequence shown in Fig. 4 is ex- 
ecuted. 

Referring to Fig. 4 r functions C16 and.Cl7 
identify the particular software decryption key (if 
there is more than one) and access it from the 
secure key storage memory 246. With access to 
the decryption key AK, functions C18 and C19 
obtain the encrypted protected application and 
(C19) .decrypt that application. Function C19 in- 
cludes (although it is not expressly shown in Fig. 
4) the preparatory function of clearing the applica- 
tion processor random access memory 243, pre- 
paratory t(5 loading the decrypted software therein. 
Function C21 is the execution, by the application 
processor, of the decrypted software. 

Inasmuch as the functions C16-C19 require 
access to the key storage memory 246, these 
functions come within the ambit of high privilege 
operation and accordingly supervisor processor 
210 permission is required for their execution. 
While it is within the scope of the invention to have 
these functions performed by the supervisor pro- 
cessor 210, it is also within the scope of the 
invention to enable the application processor to 
perform these functions under the supervision of 
the supervisor processor 210. Function C21, on the 
other hand, is a low privilege operation and is 
executed by the. application processor. To the ex- 
tent that function C21 requires transmission of ex- 
ecution results from the application processor ele- 
ment 240 (and specifically from the AP RAM 243) 
to the host 10, that I/O operation is executed by the 
supervisor processor 210. 



Claims 

1. A logically secure processor with an I/O 
terminal for input or output operations with security 
for protected data stored in said processor com- 
prising: 

application processor means for executing software 
in accordance with a first set of executable oper- 
ations, 

supervisor processor means coupled to and con- 
trolling said application processor means, 

a system bus coupled to both said supervisor and 
application processor means and to said I/O termi- 
nal 

a secure read only memory device also coupled to 
said system bus and controlled by said supervisor 



268 138 12 



processor means, said secure read only memory 
device having contents defining a second set of 
operations executable by said application proces- 
sor means when said secure read only memory 
5 device is enabled by said supervisor processor 
means, 

whereby said application processor means, respon- 
sive to external commands via said system bus, is 
70 prohibited from performing operations requiring ac- 
cess to said secure read only memory device 
absent enablement of said secure read only mem- 
ory device by said supervisor processor means. 

2. The logically secure processor of claim 1 
75 which further includes: 

a secure -read/write memory device coupled to said 
system bus, said secure read/write memory device 
including means enabling response of said secure 
20 read/write memory device to signals on said sys- 
tem bus only on enablement by said supervisor 
processor means, 

whereby contents of said secure read/write mem- 
25 ory device remain secure notwithstanding connec- 
tion to said system bus. 

3. The logically secure processor of claim 2 in 
which said secure read/write memory device is a 
non-volatile memory device. 

30 4. A coprocessor implementing a software as- 

set . protection system requiring protection of ap- 
plication decryption keys comprising the logically 
secure processor as claimed in claim 2 which 
includes means to store said application decryption 

35 keys in said secure read/write memory device. 

5. A coprocessor as claimed in claim 4 in 
which: 

said supervisor processor means includes means 
40 to enable reading of said secure read/write memory 
device to extract therefrom an application decryp- 
tion key, 

said application processor means for executing 
45 software in accordance with a first set of execut- 
able operations includes general data processing 
capabilities, 

said secure read only memory device having con- 
so tents defining a second set of operations execut- 
able by said application processor means includes 
at least decryption function means for decrypting 
an application relying on an application decryption 
key read, under control of said supervisor proces- 
55 sor means. 

6. A coprocessor as claimed in claim 5 in 
which said supervisor processor means includes: 
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a dedicated read onfy memory device with con- 
tents defining a third set of executable instructions, 
and 

means for writing into said secure read/write mem- 
ory device for storing and destroying application 
decryption keys in accordance with said third set of 
executable instructions. 

7. A coprocessor as claimed in claim 6 in 
which 1 said supervisor processor means includes 
means for fetching instructions exclusively from 
said dedicated read only memory device. 

8. A compressor as claimed in claim 6 in which 
said application processor means includes an ap- 
plication read/write memory* means for storing a 
decrypted application and wherein said supervisor 
processor means includes ^means -to clear said 
application read/wrrte memory means prior to each 
time an application is written therein. 

9. A logically secure processor comprising: 

application processor means including an applica- 
tion microprocessor and application read only and 
read/write memory device for executing software 
stared in said application read/write memory device 
in accordance with contents of said application 
read only memory device, 

supervisor processor means including a supervisor 
rn|crgprpcesspr„ and associated _memory devices, 
coupled via a dedicated signal path, said supervi- 
sor processor means including a read only memory 
device with contents defining operations executable 
by said supervisor microprocessor, 

a system bus coupled to said application micropro- 
cessor, said supervisor microprocessor and to both 
said application read only and read/write memory 
devices, 

& secure read only memory device also coupled to 
said system bus with a control terminal driven by 
said supervisor processor means, said secure read 
only memory device having contents defining a 
secure set of operations executable by said ap- 
plication processor means when said secure read 
only memory device is enabled by said supervisor 
processor means, and 

means coupling said system bus for input/output 
operation, 

whereby said application processor means, respon- 
sive to external commands, is prohibited from per- 
forming operations requiring access to said secure 
read only memory device absent enablement of 
said secure read only memory device by said 
supervisor processor means- 



10. The logically secure processor of claim 9 
which further includes: 

a secure read/write memory device coupled to said 
5 system bus with a control terminal driven by said 
supervisor processor means, said secure read/write 
memory device including means preventing re- 
sponse of said secure read/write memory device to 
signals on said system bus in absence of en- 
10 ablement by said supervisor processor means, 

whereby contents of said a secure read/write mem- 
ory device remain secure notwithstanding connec- 
tion to said system bus. 
75 * 11. The logically secure processor of claim 10 
in which said secure read/write memory device is a 
non-volatile memory device. 

12. A processor implementing a software asset 
protection system requiring protection of applica- 

20 tion decryption keys comprising the logically se- 
cure processor as claimed in claim 10 in which 
said secure read/write memory device includes 
means to store said application decryption keys. 

13. A processor as claimed in claim 12 in 
25 which: 

said supervisor processor means includes means 
to enable reading said secure read/write memory 
device to extract therefrom an application decryp- 
30 tiqn_key , _ _ _ 

said application processor means for executing 
software in accordance with a first set of execut- 
able operations includes general data processing 
35 capabilities, 

said secure read only memory device having con- 
tents defining a second set of operations execut- 
able by said application processor means including 
40 at least decryption function means for decrypting 
an application relying on an application decryption 
key read, under control of said supervisor proces- 
sor means. 

14. A processor as claimed in claim 13 in 
45 which: 

said supervisor processor means includes a dedi- 
cated read only memory device with contents ex- 
clusively defining a third set of executable instruc- 
so tions, and 

means for writing into said secure read/write mem- 
ory device for storing and destroying application 
decryption keys in accordance with said third set of 
55 executable instructions. 
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15. A processor as claimed in claim 14 in 
which said supervisor processor means includes 
means for fetching instructions exclusively from 
said dedicated read only memory device. 

16. A processor as claimed in claim 15 in s 
which said supervisor processor means includes 
means to clear said application read/write memory 
device prior to each time an application is written 
therein. 
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0 Implementing privilege on microprocessor systems for use in software asset protection. 



© A dual privilege level coprocessor (20) especially 
suited for use in a software asset protection system 
comrises a supervisor processing element (201) and 
an application processing element (240) coupled by 
a bus (250). A high privilege read only memory (241) 
and a secure random access memory (240) are 
enabled only in response to dedicated control sig- 
nals from the supervisor processor (210). While an 
application processor (247)* has many general pur- 
pose computing capabilities, it is incapable of ex- 
ecuting input or output operations. An input/output 
device (247) is also coupled to the bus and con- 
trolled by the supervisor processor. A secure ran- 
dom access memory (246) is provided for storage of 
sensitive information such as decryption keys. The 
"^coprocessor implements a low privilege level of op- 
OOeration for the purpose of executing protected soft- 
^ware which is first decrypted under the control of the 
supervisor processor and then stored in the applica- 
tion processor random access memory (243). The 
^coprocessor is also capable of high privilege opera- 
tion either by the supervisor processor alone or with 
®the supervisor processor controlling the application 
Q- processor and its associated high privilege read only 
LU memory (241 ). 
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